01-06-2016 01:52 AM
Hi community
I've got a FireSight 6.0 VM with 4 FirePower modules enabled from four ASA 5506-X devices.
They are all updated to FirePower 6.0 and in FireSight I have an activated license:
Under device management for a FirePower I still cannot select URL filtering:
What to do?
Solved! Go to Solution.
01-06-2016 12:00 PM
The no-cost permanent Control (CTRL) license is a prerequisite for any of the term-based subscription licenses. The PAK It should have been included with the ASAs.
If it wasn't your partner (or the TAC) can call it up from the sales order and you can then redeem it for a license.
01-06-2016 12:00 PM
The no-cost permanent Control (CTRL) license is a prerequisite for any of the term-based subscription licenses. The PAK It should have been included with the ASAs.
If it wasn't your partner (or the TAC) can call it up from the sales order and you can then redeem it for a license.
01-06-2016 10:35 PM
Thank you very much :) It works!
I haven't been able to find any documentation on this, is this supposedly common knowledge?
01-07-2016 05:53 AM
You're welcome.
It is documented, although I admit it's not an obvious thing to check. It's the kind of mistake you make once - I certainly did. :).
See, for example column three of the table below (although they have it mixed around - it should say the Control license).
advanced malware protection (network-based malware detection and blocking) |
||
It comes from here: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html
Also see http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Licensing_the_Firepower_System.html#ID-2240-00000035 which states:
"Although you can configure an access control policy to perform Protection-related inspection without a license, you cannot deploy the policy until you first add a Protection license to the Firepower Management Center, then enable it on the devices targeted by the policy.
If you delete your Protection license from the Firepower Management Center or disable Protection on managed devices, the Firepower Management Center stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the Firepower Management Center will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing policies until you re-enable Protection.
Because a Protection license is required for URL Filtering, Malware, and Control licenses, deleting or disabling a Protection license has the same effect as deleting or disabling your URL Filtering, Malware, or Control license."
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide